I run an intranet in my office and I needed to create a way for users that were already logged into my site to be automatically logged into the WordPress site. In this case, I also wanted to only allow users that were logged into my site to be able to log into the WP site. I wrote the following plugin:
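    function auto_login() {
        // Intranet globals defined outside this function.
        global $USER_COOKIE, $_CURRENT_USER;

        $logged_out = isset( $_GET['loggedout'] ) && 'true' === $_GET['loggedout'];
        if ( isset( $_COOKIE[ $USER_COOKIE ] ) && ! $logged_out ) {
            // Sign in as the intranet user with the shared generic password.
            $credents = array(
                'user_login'    => $_CURRENT_USER->firstName,
                'user_password' => 'kjabkjgvbasdjb',
            );
            $user = wp_signon( $credents, is_ssl() );
            $redirect_to = get_option( 'siteurl' );
        } else {
            // No intranet cookie (or just logged out): go to the public page.
            wp_safe_redirect( get_option( 'siteurl' ) );
            exit;
        }
    }
    add_action( 'login_init', 'auto_login' );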
Basically it checks if the cookie exists, and if so it leverages my pre-existing $_CURRENT_USER global variable to get the username of the user. It then uses a generic password (not the one shown) to log the user in. If there is no cookie then it redirects the user to the public page. If you replace the add_action line with a login_form_ addition you can use this to autologin users without restricting it to just current intranet users.
What do you guys think? I am brand new to WordPress, and this code, although short, feels a little insecure and inefficient, so any criticisms are welcome.
Thanks,
-O
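
An added example, not the poster's code: one way to get the same auto-login without a shared password, by verifying the intranet cookie's contents and issuing the WordPress session directly. It assumes a constructed cookie format of `login|expiry|hmac` and a hypothetical secret constant `INTRANET_SSO_KEY` defined in wp-config.php; only `$USER_COOKIE` comes from the post.

```php
<?php
/*
 * Plugin Name: Intranet auto-login (added example)
 * Assumptions (not from the original post): the intranet cookie holds
 * "login|expiry|hmac", where hmac is HMAC-SHA256 over "login|expiry"
 * keyed with INTRANET_SSO_KEY, a hypothetical constant in wp-config.php.
 */

// Return the verified login name from the cookie value, or null if invalid.
function intranet_verified_login( $cookie_value ) {
    $parts = explode( '|', (string) $cookie_value );
    if ( 3 !== count( $parts ) ) {
        return null;
    }
    list( $login, $expiry, $mac ) = $parts;
    $expected = hash_hmac( 'sha256', $login . '|' . $expiry, INTRANET_SSO_KEY );
    // Constant-time comparison; reject forged, malformed or expired values.
    if ( ! hash_equals( $expected, $mac ) || ! ctype_digit( $expiry ) || (int) $expiry < time() ) {
        return null;
    }
    return $login;
}

function intranet_auto_login() {
    global $USER_COOKIE; // Cookie name global from the original post.

    // Let wp-login.php?action=logout run, otherwise logging out is impossible.
    if ( isset( $_REQUEST['action'] ) && 'logout' === $_REQUEST['action'] ) {
        return;
    }
    $logged_out = isset( $_GET['loggedout'] ) && 'true' === $_GET['loggedout'];
    $login      = ( ! $logged_out && isset( $_COOKIE[ $USER_COOKIE ] ) )
        ? intranet_verified_login( wp_unslash( $_COOKIE[ $USER_COOKIE ] ) )
        : null;
    $user = $login ? get_user_by( 'login', $login ) : false;
    if ( ! $user ) {
        // No valid intranet session, or no matching WordPress account.
        wp_safe_redirect( home_url( '/' ) );
        exit;
    }
    // Issue the WordPress session for that account; no password is involved.
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'login_init', 'intranet_auto_login' );
```

With this shape each WordPress account can keep its own random password, because the plugin never calls `wp_signon()` with a value that every account shares.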